Certain systems exist in which a first device provides (e.g. broadcasts using a short range wireless communication technology) information that publicly identifies the first device. A second device can receive the information and use the knowledge of the identity of the first device and proximity to the first device for various purposes, including communication, asset tracking, retail identification, safety, localization, etc. This configuration can be useful in fully public and open settings in which the identity and presence of the first device does not need to be concealed for any reason.
However, in many situations, it may be undesirable for the identity and presence of the first device to be fully transparent and publicly available. Instead, it may be desirable that only certain individuals or devices be able to identify the first device or otherwise receive specific information associated with the first device.
However, this configuration may be vulnerable to impersonation or other spoofing attacks. For example, because the first device publicly broadcasts its identifying information, a fraudulent device can record and replay the broadcasted identify information, thereby tricking the second device into believing that the fraudulent device is the first device. This vulnerability to impersonation can greatly damage the efficacy of the system.
Further, in some systems, the first device may be unable to or otherwise prohibited from performing more complex communications with other devices to validate its interactions.
Therefore, use of obscured identifiers and message integrity codes that authenticate the identity of the broadcasting device may be desirable. In particular, time-based ephemeral identifiers and message integrity codes may be particularly advantageous.